Context Navigation

← Previous Change
Next Change →

Changeset 8 for trunk/src

Timestamp:

10/20/05 15:05:40 (17 years ago)

Author:

andreu

Message:

second RENETCOL CVS Integration

Location:

Files:

: 1 added
: 12 modified

Makefile.in (added)
V9Header_mgmt.c (modified) (1 diff)
headers_mgmt.c (modified) (2 diffs)
headers_mgmt.h (modified) (1 diff)
msg_mgmt.c (modified) (2 diffs)
remote_output.c (modified) (4 diffs)
remote_output.h (modified) (3 diffs)
renetcol.c (modified) (12 diffs)
renetcol.h (modified) (3 diffs)
renetcolSender.c (modified) (7 diffs)
renetcolSender.h (modified) (2 diffs)
rules.txt (modified) (3 diffs)
rules_mgmt.c (modified) (26 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/V9Header_mgmt.c

r2	r8
165	165	/* if (pcktPtr->ipH->length != 20+8+24+(pcktPtr->netflow_header->nombre_flows48)) /
166	166	/* { */
167		/* syslog(LOG_INFO,"IP length (%u), UDP length (%u) and netflow length (%u) differents",
168		* pcktPtr->ipH->length,pcktPtr.entete_udp.longueur,
169		(pcktPtr->netflow_header->nombre_flows48)); /
	167	/* syslog(LOG_INFO,"IP length (%u), UDP length (%u) and netflow length (%u) differents", */
	168	/* pcktPtr->ipH->length,pcktPtr.entete_udp.longueur, */
	169	/* (pcktPtr->netflow_header->nombre_flows48)); /
170	170	/* return(1); */
171	171	/* } */

trunk/src/headers_mgmt.c

r2	r8
98	98	longCmp) == NULL )
99	99	{
100		syslog(LOG_INFO,"Router Address not registered : %lu.%lu.%lu.%lu)",
101		(pP->ipH->srcAdd>>24),
102		(pP->ipH->srcAdd<<8>>24),
103		(pP->ipH->srcAdd<<16>>24),
104		(pP->ipH->srcAdd<<24>>24));
105		return(1);
	100	return(2);
106	101	}
107	102	return(0);
…	…
137	132	*/
138	133	unsigned short
139		checkUdpHeader(DatagramPtr pckt)
	134	checkUdpHeader(DatagramPtr pckt, int regRouter, unsigned short receptPort )
140	135	{
141		if(pckt->udp_header->dstPort != ~~9999~~)
	136	if(pckt->udp_header->dstPort != receptPort)
142	137	{
143		/* syslog(LOG_INFO,"Wrong destination port (%u)", */
144		/* pckt.udp_header.port_destination); */
	138	if (regRouter == 0){
	139	syslog(LOG_INFO,"Wrong destination port (%u)",
	140	pckt->udp_header->dstPort);
	141	return (1);
	142	}
	143	return (1);
	144	}else{
	145	if (regRouter == 2)
	146	{
	147	syslog(LOG_INFO,"Router Address not registered : %lu.%lu.%lu.%lu)",
	148	(pckt->ipH->srcAdd>>24),
	149	(pckt->ipH->srcAdd<<8>>24),
	150	(pckt->ipH->srcAdd<<16>>24),
	151	(pckt->ipH->srcAdd<<24>>24));
	152	return (1);
	153	}
	154	return (0);
145	155	}
146		if(pckt->udp_header->length > 1472)
147		{
148		syslog(LOG_INFO,"UDP length > 1472");
149		return(1);
150		}
	156	/* if(pckt->udp_header->length > 1472) */
	157	/* { */
	158	/* syslog(LOG_INFO,"UDP length > 1472"); */
	159	/* return(1); */
	160	/* } */
151	161	return(0);
152	162	}

trunk/src/headers_mgmt.h

r2	r8
63	63	unsigned short checkIpHeader(DatagramPtr, unsigned long *, int);
64	64	unsigned short getUdpHeader(DatagramPtr, unsigned char *);
65		unsigned short checkUdpHeader(DatagramPtr);
	65	unsigned short checkUdpHeader(DatagramPtr, int, unsigned short);
66	66	#endif /* HEADERS_MGMT_H */

trunk/src/msg_mgmt.c

r2	r8
71	71	syslog(LOG_INFO,"The IPC queue is full, I don't wait");
72	72	} else {
73		~~perror ("msgsnd"); /* FIXME errno to syslog */~~
	73	syslog(LOG_ERR,"msgsnd : %s", strerror(errno));
74	74	exit(1);
75	75	}
…	…
88	88	syslog(LOG_INFO,"msgrcv : Internal system call");
89	89	} else {
90		~~perror ("msgrcv"~~);
	90	syslog (LOG_ERR,"msgrcv : %s", strerror(errno));
91	91	exit(1);
92	92	}

trunk/src/remote_output.c

r2	r8
31	31	printHostDef(RemoteHostPtr rHPtr)
32	32	{
	33	char buf[256];
33	34	fprintf(stderr, " socket : %d\n", rHPtr->sockId);
34		fprintf(stderr, " address : %s:%u\n",
35		inet_ntoa(rHPtr->hostAddressPtr->sin_addr),
36		ntohs(rHPtr->hostAddressPtr->sin_port));
	35	switch (rHPtr->hostAddressPtr->ss_family){
	36	case AF_INET:
	37	fprintf(stderr, " address : %s\n",
	38	inet_ntop(rHPtr->hostAddressPtr->ss_family,
	39	&((struct sockaddr_in *)rHPtr->hostAddressPtr)->sin_addr,
	40	buf, 256));
	41	break;
	42	case AF_INET6:
	43	fprintf(stderr, " address : %s\n",
	44	inet_ntop(rHPtr->hostAddressPtr->ss_family,
	45	&((struct sockaddr_in6 *)rHPtr->hostAddressPtr)->sin6_addr,
	46	buf, 256));
	47	break;
	48	}
37	49	}
38	50
…	…
43	55	freeRemoteHost(RemoteHostPtr rHPtr)
44	56	{
45		if (rHPtr->msgIpv4){
46		free(rHPtr->msgIpv4);
47		rHPtr->msgIpv4 = NULL;
48		}
49		if (rHPtr->msgIpv6){
50		free(rHPtr->msgIpv6);
51		rHPtr->msgIpv6 = NULL;
52		}
53		if (rHPtr->msgXcast){
54		free(rHPtr->msgXcast);
55		rHPtr->msgXcast = NULL;
	57	if (rHPtr->hostAddressPtr){
	58	free(rHPtr->hostAddressPtr);
	59	rHPtr->hostAddressPtr = NULL;
56	60	}
57	61	free(rHPtr);
…	…
99	103	*/
100	104	int
101		create_socket(char remote_address, ~~int remote_port, struct sockaddr_in~~ addr)
	105	create_socket(char remote_address, char remote_port, struct sockaddr_storage *addr)
102	106	{
103	107	int s;
104		s = socket(AF_INET, SOCK_DGRAM, 0);
	108	struct addrinfo index, *res=NULL;
	109	int code;
	110
	111	memset(&index, 0, sizeof index);
	112	index.ai_family = AF_UNSPEC;
	113	index.ai_socktype = SOCK_DGRAM;
	114	index.ai_protocol = IPPROTO_UDP;
	115	code = getaddrinfo(remote_address, remote_port, &index, &res);
	116	if (code!=0) {
	117	syslog(LOG_ERR, "Error, %s : %s", gai_strerror(code), remote_address);
	118	return 0;
	119	}
	120	s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
105	121	if (s < 0)
106	122	{
107		perror("opening datagram socket");
108		exit(1);
	123	syslog(LOG_ERR,"Error during opening datagram socket %s",
	124	strerror(errno));
	125	return 0;
109	126	}
110		memset(addr, 0, sizeof(struct sockaddr_in));
111		addr->sin_addr.s_addr = inet_addr(remote_address); /* FIXME obsolete */
112		addr->sin_family = AF_INET;
113		addr->sin_port = htons(remote_port);
	127	switch (res->ai_family){
	128	case AF_INET6:
	129	addr->ss_family = AF_INET6;
	130	((struct sockaddr_in6 )addr)->sin6_addr = ((struct sockaddr_in6 )res->ai_addr)->sin6_addr;
	131	((struct sockaddr_in6 *)addr)->sin6_port =
	132	htons((unsigned short)atoi(remote_port));
	133	break;
	134	case AF_INET:
	135	((struct sockaddr_in )addr)->sin_addr = ((struct sockaddr_in )res->ai_addr)->sin_addr;
	136	addr->ss_family = AF_INET;
	137	((struct sockaddr_in *)addr)->sin_port =
	138	htons((unsigned short)atoi(remote_port));
	139	break;
	140	case AF_UNSPEC:
	141	break;
	142	}
	143	freeaddrinfo(res);
114	144	return s;
115	145	}
…	…
120	150	int
121	151	sendMessage(int socket_number, unsigned char *msg, int msgSize,
122		struct sockaddr_in *addr)
	152	struct sockaddr_storage *addr)
123	153	{
124	154	int s;
	155	socklen_t addrlen = sizeof(struct sockaddr_storage);
125	156	if ((s=sendto(socket_number, msg, (size_t)msgSize, 0,
126		(struct sockaddr *)addr,
127		sizeof(struct sockaddr_in))) < 0)
	157	(struct sockaddr *)addr, addrlen)) < 0)
128	158	{
129		~~fprintf(stderr, "Error ******** : %d bytes sent\n", s);~~
130		~~perror("sending packet"~~);
	159	syslog(LOG_ERR, "Error: %d bytes sent, %s",
	160	s, strerror(errno));
131	161	exit(1);
132	162	}

trunk/src/remote_output.h

r2	r8
28	28	#include <stdio.h>
29	29	#include <stdlib.h>
	30	#include <errno.h>
	31	#include <syslog.h>
30	32	#include <unistd.h>
31	33	#include <arpa/inet.h>
…	…
38	40	typedef struct RemoteHost {
39	41	int sockId;
40		struct sockaddr_in *hostAddressPtr;
41		char *msgIpv4;
42		char *msgIpv6;
43		char *msgXcast;
	42	struct sockaddr_storage *hostAddressPtr;
44	43	RemoteHostPtr next;
45	44	} RemoteHostType;
…	…
64	63	void freeDb(DbPtr);
65	64	void freeFile(FilePtr);
66		int create_socket(char , ~~int, struct sockaddr_in~~ );
67		int sendMessage(int, unsigned char , int, struct sockaddr_in );
	65	int create_socket(char , char , struct sockaddr_storage *);
	66	int sendMessage(int, unsigned char , int, struct sockaddr_storage );
68	67
69	68	#endif /* REMOTE_OUTPUT_H */

trunk/src/renetcol.c

r2	r8
29	29	char *configFileName;
30	30	char *prefixV4FileName;
31		sigjmp_buf contextSigalrm;
32		struct sigaction myAction; /* for timer */
33		volatile sig_atomic_t isAlarmUp = 0;
	31	struct sigaction myAction;
	32	sigjmp_buf contextSigalrm;
	33	/* struct sigaction myAction; for timer */
	34	volatile sig_atomic_t sigusr1Up = 0;
34	35	/* V9 */
35	36	unsigned short offsetV9 = 0;
…	…
58	59	RuleDefPtr rulesAddress[FIELD_TYPE_NUMBER+1][MAX_RULES_PER_FIELD];
59	60	RuleDefPtr *rulesAddressPtr;
	61	int reInitConf = 0;
60	62	/* ENDV9 */
61	63	static unsigned long datagramNumber;
…	…
69	71	static int rcv;
70	72	static int sockBufSize = SOCKET_BUFFER_SIZE;
71		static unsigned short flowNumber;
	73	/* static unsigned short flowNumber; */
72	74	static unsigned short receptPort = RECEPTION_PORT;
73	75	static unsigned char *ptr_buffer;
…	…
91	93	exit(1);
92	94	}
	95
93	96	openlog(argv[0], LOG_PID, LOG_USER);
94	97
…	…
101	104
102	105	initCache();
	106	fprintf(stderr, "reading the routers list\n");
103	107	routerNb = getRegisteredRouters(configFileName, &sortedRouterList[0],
104	108	&indexedRouterList[0]);
	109	fprintf(stderr, "reading the IPv4 prefix\n");
105	110	if ( getPrefixV4(prefixV4FileName, &prefixV4Tab[0]) < 1){
106	111	fprintf(stderr, "Error during prefix v4 reading\n");
…	…
108	113	}
109	114	rulesListPtr = NULL;
	115	fprintf(stderr, "reading the rules\n");
110	116	rulesListPtr = getLightRules(rulesListPtr, rulesFileName);
111	117	tmp = rulesListPtr;
…	…
115	121	}
116	122	}
	123
	124	fprintf(stderr, "I become a deamon, next messages via syslogd.\n");
	125	if (fork () != 0)
	126	exit (0);
	127	if (setsid() == -1){
	128	exit(4);
	129	}
	130
	131	myAction.sa_handler = sigusr1Mgmt;
	132	myAction.sa_flags = SA_RESTART;
	133	sigemptyset (&(myAction.sa_mask));
	134	sigaddset (&(myAction.sa_mask), SIGALRM);
	135	sigaction (SIGUSR1, &myAction, NULL);
	136
117	137	setCache(rulesListPtr);
118	138	rulesAddressPtr = (RuleDefPtr *)rulesAddress;
…	…
121	141	myKey = createKey(argv[0]);
122	142	myQueue = createQueue(myKey);
	143	sendMyPid(myQueue);
123	144
124	145	/* INIT THE CURRENTS VARIABLES*/
…	…
146	167	datagramNumber =0;
147	168
148		~~/* INIT FROM CONFS FILES*/~~
149		~~/initConf();/~~
150
151	169	/* TIME */
152	170	now = time((time_t *)NULL);
…	…
156	174	fprintf(stderr, "END\n");
157	175	return (0);
	176	}
	177
	178	/*
	179	*
	180	*/
	181	void sendMyPid(int queueID)
	182	{
	183	msgType myMsg;
	184	char *msgTextIndex;
	185	unsigned short tplMsgType = 12;
	186	pid_t myPID;
	187
	188	myPID = getpid();
	189	msgTextIndex = mempcpy(mempcpy(myMsg.text,
	190	&tplMsgType,
	191	sizeof (unsigned short)
	192	),
	193	&myPID,
	194	sizeof(pid_t)
	195	);
	196	myMsg.type = 1;
	197	msgSend(queueID, myMsg);
	198	}
	199
	200	/*
	201	*
	202	*/
	203	void sendReadRulesSignal(int queueID)
	204	{
	205	msgType myMsg;
	206	char *msgTextIndex;
	207	unsigned short tplMsgType = 13;
	208
	209	msgTextIndex = mempcpy(myMsg.text,
	210	&tplMsgType,
	211	sizeof (unsigned short)
	212	);
	213	myMsg.type = 1;
	214	msgSend(queueID, myMsg);
	215	}
	216
	217	/*
	218	*
	219	*/
	220	void sigusr1Mgmt(int num)
	221	{
	222	sigusr1Up = 1;
	223	}
	224
	225	/*
	226	*
	227	*/
	228	void
	229	initRule()
	230	{
	231	RulesPtr tmp = NULL;
	232	initCache();
	233	tmp = rulesListPtr;
	234	for ( ; tmp; tmp=tmp->next) {
	235	rulesListPtr = delRule(tmp, rulesListPtr);
	236	}
	237	rulesListPtr = NULL;
	238	rulesListPtr = getLightRules(rulesListPtr, rulesFileName);
	239	tmp = rulesListPtr;
	240	for ( ; tmp; tmp=tmp->next) {
	241	if (tmp->type != 2) {
	242	rulesListPtr = delRule(tmp, rulesListPtr);
	243	}
	244	}
	245	tmp = NULL;
	246	initCache();
	247	setCache(rulesListPtr);
	248	sendReadRulesSignal(myQueue);
158	249	}
159	250
…	…
223	314	unsigned short shift;
224	315	short version = 0;
	316	int regRouter = 0;
	317
225	318	do {
	319	if (sigusr1Up == 1){
	320	sigusr1Up = 0;
	321	initRule();
	322	}
226	323	socketReading();
227	324	getIpHeader(pcktPtr, ptr_buffer);
228		checkIpHeader(pcktPtr, &sortedRouterList[0], routerNb);
	325	regRouter = checkIpHeader(pcktPtr, &sortedRouterList[0], routerNb);
229	326	getUdpHeader(pcktPtr, ptr_buffer);
230		checkUdpHeader(pcktPtr);
	327	checkUdpHeader(pcktPtr, regRouter, receptPort);
231	328
232	329	switch( version =
…	…
237	334	break;
238	335	case 5:
239		checkNetFlowHeader(pcktPtr);
	336	/* if ((currentRouterPtr=notExistRouter(routersListPtr, */
	337	/* pcktPtr->ipH->srcAdd))==NULL) { */
	338	/* routersListPtr = addRouter(routersListPtr, */
	339	/* pcktPtr->ipH->srcAdd, */
	340	/* (unsigned long) 0); */
	341	/* currentRouterPtr = routersListPtr; */
	342	/* } */
	343	/* currentFlowsetNumber = 0; */
	344	/* shift = 0; */
	345	/* while ((currentFlowsetNumber < currentHeaderV9Ptr->count)) { */
	346	/* curTplFlSetPtr = NULL; */
	347	/* currentFlowsetId=getFlowsetId(currentFlowsetNumber, */
	348	/* offsetV9Ptr, ptr_buffer); */
	349	/* remplacer par creation du template v5 si pas deja fait */
	350	/* shift = checkTemplateFlowSet(currentRouterPtr, offsetV9Ptr, */
	351	/* ptr_buffer, currentHeaderV9Ptr, */
	352	/* curTplFlSetPtr, */
	353	/* currentFlowsetNumberPtr, */
	354	/* myQueue); */
	355	/* showAllTplFlSet(); */
	356	/* shift = checkDataFlowSet(shift, currentRouterPtr, */
	357	/* currentHeaderV9Ptr, offsetV9Ptr, */
	358	/* ptr_buffer, currentFlowsetNumberPtr, */
	359	/* currentFlowsetIdPtr, pcktPtr, */
	360	/* rulesAddressPtr, rulesListPtr, */
	361	/* myQueue); */
	362	/* } */
240	363	break;
241	364	case 9:

trunk/src/renetcol.h

r2	r8
23	23	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24	24	*/
	25
	26	#define _GNU_SOURCE
25	27
26	28	#include <unistd.h>
…	…
62	64
63	65	#define RECEPTION_ADDRESS "" /* your collector address like 10.0.0.90 */
64		#define RECEPTION_PORT 9990 /* your collector port to recept netflow export */
	66	#define RECEPTION_PORT 9999 /* your collector port to recept netflow export */
65	67
66	68	#define TIME_OUT 300 /MAJSCH/
…	…
74	76	void initCache();
75	77	void waitingRoom();
76		void catchReinit(int);
77		void initConf();
	78	void initRule();
	79	void sigusr1Mgmt(int);
	80	void sendMyPid(int);
	81	void sendReadRulesSignal(int);
78	82	void initStream();
79	83	void catchAlarm(int);

trunk/src/renetcolSender.c

r2	r8
32	32	RulesPtr rulesListPtr;
33	33	char *rulesFileName;
34
	34	char *remoteHost;
35	35	int i=0;
36	36	int j=0;
…	…
42	42	RulesPtr tmp = NULL;
43	43
	44	/*
	45	* todo
	46	*/
	47	int
	48	todo(int sock, char *host)
	49	{
	50	char buffer[256];
	51	int length;
	52	FILE *ruleFile;
	53	FILE *tmpFile;
	54	char field[4];
	55	char port[6];
	56	char value[40];
	57	char operator[2];
	58	char lines[256][256];
	59	char line[256];
	60	char lineCopy[256];
	61	char strTok[1];
	62	char strName[100];
	63	int cpt = 0;
	64	int i = 0;
	65	int ruleToDelete = 0;
	66
	67	while (1){
	68	length = read(sock, buffer, 256);
	69	if (length < 0){
	70	syslog(LOG_ERR, " read : %s", strerror(errno));
	71	return 1;
	72	}
	73	if (length == 0)
	74	break;
	75	buffer[length] = '\0';
	76	if (strncmp("DELETE", buffer, 6)==0){
	77	if (!(ruleFile = fopen(rulesFileName, "r"))) {
	78	syslog (LOG_ERR, "error during %s opening\n", rulesFileName);
	79	exit(1);
	80	} else {
	81	while ( fgets(line, 256, ruleFile) != 0) {
	82	strncpy(lineCopy, line, 256);
	83	if (strncmp("N", lineCopy, 1) == 0){
	84	ruleToDelete = 0;
	85	if (sscanf(lineCopy, "%1s %s\n",
	86	strTok,
	87	strName) != 0) {
	88	if (strncmp(strName, host, strlen(host)) != 0){
	89	strncpy(lines[cpt], lineCopy, strlen(lineCopy));
	90	} else {
	91	ruleToDelete = 1;
	92	}
	93	} else {
	94	syslog (LOG_ERR, "error in file %s at line %d",
	95	rulesFileName, cpt);
	96	return 1;
	97	}
	98	} else {
	99	if (ruleToDelete==0) {
	100	strncpy(lines[cpt], lineCopy, strlen(lineCopy));
	101	}
	102	}
	103	cpt++;
	104	}
	105	fclose(ruleFile);
	106	if (!(tmpFile = fopen("rules.tmp", "w"))) {
	107	syslog (LOG_ERR, "error during %s opening", "rules.tmp");
	108	return 1;
	109	} else {
	110	for (i=0; i<cpt; i++){
	111	fprintf(tmpFile, "%s", lines[i]);
	112	}
	113	fclose(tmpFile);
	114	if (remove("rules.txt")!=0){
	115	syslog(LOG_ERR, "rules.txt remove pb: %s", strerror(errno));
	116	return 1;
	117	}
	118	if (rename("rules.tmp", "rules.txt")!=0){
	119	syslog(LOG_ERR, "rename file pb: %s", strerror(errno));
	120	return 1;
	121	}
	122	}
	123	}
	124	} else {
	125	if (sscanf(buffer, "%s %s %1s %s\n",
	126	port,
	127	field,
	128	operator,
	129	value) == 0) {
	130	syslog (LOG_ERR, "error in recept rule: %s", buffer);
	131	return 1;
	132	}
	133	if (!(ruleFile = fopen(rulesFileName, "a"))) {
	134	syslog (LOG_ERR, "error during %s opening", rulesFileName);
	135	return 1;
	136	} else {
	137	fprintf(ruleFile, "N %s\n", host);
	138	fprintf(ruleFile, "O socket %s %s\n", host, port);
	139	fprintf(ruleFile, "C %s %s %s\n", field, operator, value);
	140	fclose(ruleFile);
	141	}
	142	}
	143	}
	144	close(sock);
	145	return 0;
	146	}
	147
	148	/*
	149	* tcpServer
	150	*/
	151	int
	152	tcpServer ()
	153	{
	154	struct addrinfo index, *result;
	155	struct sockaddr_storage listenAddress;
	156	socklen_t listenAddressLen;
	157	int listenSock;
	158	int returnCode;
	159	pid_t renetcolPID = 0;
	160	FILE *pidFile;
	161	unsigned pid;
	162	char line[256];
	163	int status;
	164
	165	memset(&index, 0, sizeof index);
	166	index.ai_flags = AI_PASSIVE;
	167	index.ai_family = AF_UNSPEC;
	168	index.ai_socktype = SOCK_STREAM;
	169	index.ai_protocol = IPPROTO_TCP;
	170	returnCode = getaddrinfo(NULL, RECEPT_PORT, &index, &result);
	171	if (returnCode != 0) {
	172	syslog(LOG_ERR, "getaddrinfo : %s", strerror(errno));
	173	return -1;
	174	}
	175	listenAddressLen = result->ai_addrlen;
	176	memcpy(&listenAddress, result->ai_addr, (size_t) listenAddressLen);
	177	listenSock = socket(result->ai_family, result->ai_socktype,
	178	result->ai_protocol);
	179	if ( listenSock < 0) {
	180	syslog(LOG_ERR, "socket : %s", strerror(errno));
	181	freeaddrinfo(result);
	182	return -1;
	183	}
	184	freeaddrinfo(result);
	185
	186	{
	187	int on = 1;
	188	setsockopt(listenSock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
	189	}
	190	if (bind(listenSock, (struct sockaddr *) &listenAddress,
	191	listenAddressLen) < 0 \|\|
	192	listen(listenSock, 8) < 0) {
	193	syslog(LOG_ERR, "bind or listen : %s", strerror(errno));
	194	return -1;
	195	}
	196	for (;;) {
	197	int clientSock;
	198	struct sockaddr_storage clientAddress;
	199	socklen_t clientAddressLen;
	200	char host[NI_MAXHOST];
	201
	202	memset(&clientAddress, 0, sizeof clientAddress);
	203	clientAddressLen = (socklen_t) sizeof clientAddress;
	204
	205	if ((clientSock =
	206	accept(listenSock, (struct sockaddr *)
	207	&clientAddress,
	208	&clientAddressLen)) < 0) {
	209	continue;
	210	}
	211	if (clientAddress.ss_family != AF_INET &&
	212	clientAddress.ss_family != AF_INET6) {
	213	close(clientSock);
	214	continue;
	215	}
	216	if (getnameinfo((struct sockaddr *) &clientAddress,
	217	clientAddressLen, host, sizeof host,
	218	NULL, (size_t) 0, 0) == 0) {
	219	syslog(LOG_INFO,
	220	"New connection from %s", host);
	221	}
	222	remoteHost = host;
	223	switch (fork ()) {
	224	case 0 :
	225	close (listenSock);
	226	todo(clientSock, remoteHost);
	227	if (!(pidFile = fopen("/tmp/pidrenetcol.tmp", "r"))) {
	228	syslog (LOG_ERR, "error during /tmp/pidrenetcol.tmp opening : %s\n",
	229	strerror(errno));
	230	exit(1);
	231	} else {
	232	fgets(line, 256, pidFile);
	233	if (sscanf(line, "%u", &pid)==0)
	234	syslog(LOG_ERR,"sscanf : %s", strerror(errno));
	235	renetcolPID = pid;
	236	}
	237	fclose(pidFile);
	238	if (renetcolPID==0){
	239	syslog(LOG_INFO, "PID null");
	240	}else{
	241	if (kill(renetcolPID, SIGUSR1)<0)
	242	syslog(LOG_ERR, "I can't send SIGUSR1 to renetcol process : %s",
	243	strerror(errno));
	244	}
	245	exit (0);
	246	case -1 :
	247	syslog (LOG_ERR, "fork : %s", strerror(errno));
	248	return (-1);
	249	default :
	250	close (clientSock);
	251	if (waitpid( -1, &status, WNOHANG)==-1){
	252	syslog(LOG_ERR, "waitpid : %s", strerror(errno));
	253	exit(1);
	254	}
	255	}
	256	}
	257	return (0);
	258	}
	259
	260	/*
	261	*
	262	*/
	263	void initConfSender(){
	264	RulesPtr tmp = NULL;
	265
	266	tmp = rulesListPtr;
	267	for ( ; tmp; tmp=tmp->next) {
	268	rulesListPtr = delRule(tmp, rulesListPtr);
	269	}
	270	rulesListPtr = NULL;
	271	rulesListPtr = getRules(rulesListPtr, rulesFileName);
	272	tmp = rulesListPtr;
	273	for ( ; tmp; tmp=tmp->next) {
	274	if (tmp->type != 2) {
	275	rulesListPtr = delRule(tmp, rulesListPtr);
	276	}
	277	}
	278	tmp = NULL;
	279	}
	280
44	281	/*
45	282	* Main
…	…
51	288	int s=0;
52	289	unsigned short rulesID = 0;
	290	FILE *pidFile;
	291	pid_t renetcolPID = 0;
53	292
54	293	if ( argc != 4) {
55	294	fprintf (stderr,
56		"%s: Usage: %s <key> <msg type> <rules file>\n exp: %s ~~colnetv9~~ 1 rules.txt\n",
	295	"%s: Usage: %s <key> <msg type> <rules file>\n exp: %s renetcol 1 rules.txt\n",
57	296	argv[0], argv[0], argv[0]);
58	297	exit(1);
59	298	}
	299	if (sscanf (argv[2], "%ld", &type) != 1){
	300	fprintf(stderr, "Invalid type\n");
	301	exit(1);
	302	}
	303
	304	/* chdir ("/"); */
	305	fprintf(stderr, "I become a deamon, next messages via syslogd.\n");
	306	if (fork () != 0)
	307	exit (0);
	308	if (setsid() == -1){
	309	exit(4);
	310	}
	311	/* for (i = 0; i < FOPEN_MAX; i ++) */
	312	/* close (i); */
60	313
61	314	openlog(argv[0], LOG_PID, LOG_USER);
…	…
66	319	/* we delete rules which are not type socket */
67	320	tmp = rulesListPtr;
68		for ( ; tmp~~->next~~; tmp=tmp->next) {
	321	for ( ; tmp; tmp=tmp->next) {
69	322	if (tmp->type != 2) {
70	323	rulesListPtr = delRule(tmp, rulesListPtr);
…	…
72	325	}
73	326	tmp = NULL;
74		~~printRule(rulesListPtr);~~
75
76	327	/* get IPC messages queue */
77	328	if ((myKey = ftok(argv[1], 0))== -1){
78		~~perror("ftok"~~);
	329	syslog(LOG_ERR, "ftok : %s", strerror(errno));
79	330	exit(1);
80	331	}
81	332	if ((myQueue = msgget(myKey, 0)) == -1){
82		~~perror("msgget"~~);
	333	syslog(LOG_ERR, "msgget : %s", strerror(errno));
83	334	exit(1);
84	335	}
85		if (sscanf (argv[2], "%ld", &type) != 1){
86		fprintf(stderr, "Invalid type\n");
87		exit(1);
88		}
	336
	337	/* launch a TCP server to listen remote clients */
	338	switch (fork ()) {
	339	case 0 : /* son */
	340	tcpServer();
	341	case -1 :
	342	syslog (LOG_ERR, "fork : %s", strerror(errno));
	343	return (-1);
	344	default : /* father */
	345	break;
	346	}
	347	/* loop on the message queue */
89	348	while (1) {
90	349	i=0;
…	…
112	371	}
113	372	}
	373	} else if (12==((unsigned short)&buffer2)){
	374	buffer4[0]= *(myText+i); i++;
	375	buffer4[1]= *(myText+i); i++;
	376	buffer4[2]= *(myText+i); i++;
	377	buffer4[3]= *(myText+i); i++;
	378	renetcolPID = ((pid_t )&buffer4);
	379	if (!(pidFile = fopen("/tmp/pidrenetcol.tmp", "w"))) {
	380	syslog (LOG_ERR, "error during /tmp/pidrenetcol.tmp opening : %s\n",
	381	strerror(errno));
	382	exit(1);
	383	} else {
	384	if (fprintf(pidFile, "%u", renetcolPID)==0)
	385	syslog(LOG_ERR,"fprintf : %s", strerror(errno));
	386	}
	387	fclose(pidFile);
	388	} else if (13==((unsigned short)&buffer2)){
	389	initConfSender();
114	390	} else {
115	391	syslog(LOG_INFO, "Msg type undefined ??");
…	…
117	393	i=0;
118	394	}
	395	return(0);
119	396	}

trunk/src/renetcolSender.h

r2	r8
30	30	#include <errno.h>
31	31	#include <sys/types.h>
	32	#include <sys/wait.h>
32	33	#include <sys/ipc.h>
33	34	#include <sys/msg.h>
	35	#include <sys/sem.h>
	36	#include <sys/shm.h>
34	37	#include <signal.h>
35	38	#include <setjmp.h>
…	…
38	41	#include "rules_mgmt.h"
39	42	#include "remote_output.h"
	43
	44	#define RECEPT_PORT "52571"
	45	#define VAR_SHARED_SIZE 4
	46
	47	typedef union semun
	48	{
	49	int val;
	50	struct semid_ds *buf;
	51	unsigned short *array;
	52	} semunType;
	53
	54	typedef struct glob {
	55	int semId;
	56	int lg;
	57	pid_t renetcolPID;
	58	} globType;
	59
	60	int todo(int, char*);
	61	int tcpServer ();
	62	void initConfSender();

trunk/src/rules.txt

r2	r8
9	9	# R: field ID to record (not present in this release), if no record all fields
10	10	# are recorded
	11	# field IDs can be found on the following url:
	12	# http://www.cisco.com/en/US/tech/tk648/tk362/technologies_white_paper09186a00800a3db9.shtml
	13	# in table 6
11	14
12	15	# get all IPv6 flow seen by the collector, send it to a remote client
	16	# field 60 is the IP_PROTOCOL_VERSIO?
13	17	N test
14	18	O socket 10.0.0.1 3234
15	19	C 60 = 6
16	20
17		# get all IPv4 flow, send it to a remote client
	21	# get all IPv4 flow of a host, send it to a remote client
	22	# field 8 is the IPv4_SRC_ADDR
18	23	N test
19	24	O socket 127.0.0.1 2222
20		C ~~60 = 4~~
	25	C 8 = 192.68.0.1
21	26
22	27	# get flows from one IPv6 address, send it to a remote client
…	…
24	29	O socket 10.0.0.2 2222
25	30	C 27 = 2001:620:0:4:203:baff:fe4c:d99b
26
27		~~# get flows from one IPv6 address, send it to a remote client~~
28		~~N test7~~
29		~~O socket 10.0.0.3 2222~~
30		~~C 8 = 193.49.159.10~~
31	31
32	32	# This rule depends on functionnality not present in this beta release
…	…
47	47	C 1 > 15 C 1 < 16
48	48
	49	N 141.renater.fr
	50	O socket 141.renater.fr 2222
	51	C 60 = 6

trunk/src/rules_mgmt.c

r2	r8
72	72	if (rPtr!=NULL){
73	73	fprintf(stderr, "\nid: %hu\n", rPtr->id);
	74	if (rPtr->prev) { fprintf(stderr, "\nid prev: %hu\n", rPtr->prev->id);}
	75	if (rPtr->next) { fprintf(stderr, "\nid next: %hu\n", rPtr->next->id);}
74	76	fprintf(stderr, "Name: %s\n", rPtr->ruleName);
75	77	/* puts (asctime (& rPtr->begin)); */
…	…
137	139	{
138	140	RulesPtr tmp = NULL;
139		if (rPtr->prev!=NULL) {
140		rPtr->prev->next = rPtr->next;
	141	if (rPtr==firstrPtr) {
	142	if (rPtr->next) {
	143	tmp = rPtr->next;
	144	tmp->prev = NULL;
	145	freeRule(rPtr);
	146	return tmp;
	147	}else{
	148	freeRule(rPtr);
	149	return NULL;
	150	}
	151	} else {
	152	if (rPtr->prev->next) { rPtr->prev->next = rPtr->next;}
141	153	if (rPtr->next) {rPtr->next->prev = rPtr->prev;}
142	154	freeRule(rPtr);
143	155	return firstrPtr;
144		} else {
145		if (rPtr->next) {
146		rPtr->next->prev = NULL;
147		tmp = rPtr->next;
148		}
149		freeRule(rPtr);
150		return tmp;
151		}
152		}
153
154		RulesPtr
	156	}
	157	}
	158
	159	RulesPtr
155	160	getRules(RulesPtr rPtr, char *filename)
156	161	{
157	162	FILE *ruleFile;
158	163	RulesPtr tmp = NULL;
	164	RulesPtr tmp2 = NULL;
159	165	time_t hour;
160	166	char line[512];
…	…
168	174
169	175	if (!(ruleFile = fopen(filename, "r"))) {
170		~~fprintf (stderr~~, "error during %s opening\n", filename);
	176	syslog(LOG_ERR, "error during %s opening\n", filename);
171	177	exit(1);
172	178	}
…	…
184	190	strTok,
185	191	strName) == 0) {
186		~~fprintf(stderr~~, "Error in file %s, line %d\n",
	192	syslog(LOG_ERR, "Error in file %s, line %d\n",
187	193	filename, cptLine);
188	194	exit(1);
…	…
192	198	tmp = (RulesPtr) malloc(sizeof(struct Rules));
193	199	if (tmp==NULL) {
194		~~fprintf(stderr~~, "ERROR in malloc in getRule function\n");
	200	syslog(LOG_ERR, "ERROR in malloc in getRule function\n");
195	201	exit(1);
196	202	} else {
…	…
202	208	tmp->db = NULL;
203	209	tmp->next = rPtr;
	210	/* rPtr->prev = tmp; */
204	211	tmp->prev = NULL;
205	212	}
…	…
214	221	str1,
215	222	str2) == 0) {
216		~~fprintf(stderr~~, "Error in file %s, line %d\n",
	223	syslog(LOG_ERR, "Error in file %s, line %d\n",
217	224	filename, cptLine);
218	225	exit(1);
…	…
244	251	cptLine++;
245	252	}
246		~~/* if (rPtr!=NULL) { rPtr->prev = tmp;} */~~
247	253	/* tmp->prev = NULL; */
248	254	}
249		return tmp;
	255	tmp2 = tmp;
	256	for ( ; tmp2; tmp2=tmp2->next) {
	257	if (tmp2->next) {
	258	tmp2->next->prev = tmp2;
	259	}
	260	}
	261	fclose(ruleFile);
	262	return tmp;
250	263	}
251	264
…	…
255	268	FILE *ruleFile;
256	269	RulesPtr tmp = NULL;
	270	RulesPtr tmp2 = NULL;
257	271	time_t hour;
258	272	char line[512];
…	…
266	280
267	281	if (!(ruleFile = fopen(filename, "r"))) {
268		~~fprintf (stderr~~, "error during %s opening\n", filename);
	282	syslog(LOG_ERR, "error during %s opening\n", filename);
269	283	exit(1);
270	284	}
…	…
282	296	strTok,
283	297	strName) == 0) {
284		~~fprintf(stderr~~, "Error in file %s, line %d\n",
	298	syslog(LOG_ERR, "Error in file %s, line %d\n",
285	299	filename, cptLine);
286	300	exit(1);
…	…
290	304	tmp = (RulesPtr) malloc(sizeof(struct Rules));
291	305	if (tmp==NULL) {
292		~~fprintf(stderr~~, "ERROR in malloc in getRule function\n");
	306	syslog(LOG_ERR, "ERROR in malloc in getRule function\n");
293	307	exit(1);
294	308	} else {
…	…
312	326	str1,
313	327	str2) == 0) {
314		~~fprintf(stderr~~, "Error in file %s, line %d\n",
	328	syslog(LOG_ERR, "Error in file %s, line %d\n",
315	329	filename, cptLine);
316	330	exit(1);
…	…
332	346	}
333	347	if (strncmp("A", lineCopy, 1) == 0){
334		syslog(LOG_INFO,"Aggregation mode isn't yet implemented\n");
	348	syslog(LOG_INFO,"Aggregation mode isn't yet implemented");
335	349	}
336	350	if (strncmp("R", lineCopy, 1) == 0){
…	…
339	353	cptLine++;
340	354	}
341		/* if (rPtr!=NULL) { rPtr->prev = tmp;} */
342		/* tmp->prev = NULL; */
343		}
	355	}
	356	tmp2 = tmp;
	357	for ( ; tmp2; tmp2=tmp2->next) {
	358	if (tmp2->next) {
	359	tmp2->next->prev = tmp2;
	360	}
	361	}
	362	fclose(ruleFile);
344	363	return tmp;
345	364	}
…	…
348	367	addFileDef(FilePtr fPtr, char str1, char str2)
349	368	{
350		fprintf(stderr,"add file def: %s %s \n", str1, str2);
	369	/* fprintf(stderr,"add file def: %s %s \n", str1, str2); */
351	370	return NULL;
352	371	}
…	…
358	377	tmp = (RemoteHostPtr) malloc(sizeof(struct RemoteHost));
359	378	if (tmp==NULL) {
360		~~fprintf(stderr, "ERROR in malloc in addRemoteHostDef function\~~n");
	379	syslog(LOG_ERR, "ERROR in malloc in addRemoteHostDef function");
361	380	exit(1);
362	381	} else {
363		tmp->hostAddressPtr = (struct sockaddr_in*)
364		malloc(sizeof(struct sockaddr_in));
	382	tmp->hostAddressPtr = (struct sockaddr_storage*)
	383	malloc(sizeof(struct sockaddr_storage));
365	384	if (tmp->hostAddressPtr==NULL) {
366		~~fprintf(stderr, "ERROR in malloc in addRemoteHostDef function\~~n");
	385	syslog(LOG_ERR, "ERROR in malloc in addRemoteHostDef function");
367	386	exit(1);
368	387	} else {
369		tmp->sockId = create_socket( str1, atoi(str2), tmp->hostAddressPtr);
	388	if ((tmp->sockId=create_socket( str1, str2, tmp->hostAddressPtr))==0)
	389	return NULL;
370	390	tmp->next = rPtr;
371	391	}
…	…
376	396	DbPtr
377	397	addDataBase(DbPtr dPtr, char str1, char str2){
378		~~fprintf(stderr,"add DB def: %s %s \n", str1, str2~~);
	398	syslog(LOG_INFO,"DB output not in this release");
379	399	return NULL;
380	400	}
…	…
392	412	unsigned short length;
393	413	if (sscanf(fields, " %hu %hu ", &type, &length) == 0) {
394		~~fprintf(stderr~~,
395		"Errors in definition of fields to record: wrong syntax\n");
	414	syslog(LOG_ERR,
	415	"Errors in definition of fields to record: wrong syntax");
396	416	exit(1);
397	417	} else {
…	…
424	444	tmp = (RuleDefPtr) malloc(sizeof(struct RuleDef));
425	445	if (tmp==NULL) {
426		~~fprintf(stderr, "ERROR in malloc in addRuleDef function\~~n");
	446	syslog(LOG_ERR, "ERROR in malloc in addRuleDef function");
427	447	exit(1);
428	448	} else {
429	449	if (sscanf(fields, " %hu %1s %s ", &ft, operator, value) == 0) {
430		~~fprintf(stderr, "Errors in Tests definition : wrong syntax\n~~");
	450	syslog(LOG_ERR, "Errors in Tests definition : wrong syntax");
431	451	exit(1);
432	452	}
…	…
456	476	} else {
457	477	syslog(LOG_INFO,
458		"You can't compare the field <%hu> ~~currently, sorry\n~~",
	478	"You can't compare the field <%hu> in this release, sorry",
459	479	ft);
460	480	}
…	…
479	499	tmp = (ValuesPtr) malloc(sizeof(struct Values));
480	500	if (tmp==NULL) {
481		~~fprintf(stderr, "ERROR in malloc in addAddress function\~~n");
	501	syslog(LOG_ERR, "ERROR in malloc in addAddress function");
482	502	exit(1);
483	503	} else {
484	504	if (sscanf(val, "%hu.%hu.%hu.%hu", &v0, &v1, &v2, &v3) == 0) {
485		~~fprintf(stderr, "Errors in Tests definition : wrong IPv4 value\n~~");
	505	syslog(LOG_ERR, "Errors in Tests definition : wrong IPv4 value");
486	506	exit(1);
487	507	}
…	…
507	527	tmp = (ValuesPtr) malloc(sizeof(struct Values));
508	528	if (tmp==NULL) {
509		~~fprintf(stderr, "ERROR in malloc in addV6Address function\~~n");
	529	syslog(LOG_ERR, "ERROR in malloc in addV6Address function");
510	530	exit(1);
511	531	} else {
…	…
513	533	switch(result) {
514	534	case 0 :
515		~~printf(" inet_pton : Invalid IPv6 Address\n~~");
	535	syslog(LOG_ERR," inet_pton : Invalid IPv6 Address");
516	536	exit(1);
517	537	break;
518	538	case -1:
519		~~printf(" inet_pton : AF unknown \~~n");
	539	syslog(LOG_ERR," inet_pton : AF unknown");
520	540	exit(1);
521	541	break;
…	…
540	560	tmp = (ValuesPtr) malloc(sizeof(struct Values));
541	561	if (tmp==NULL) {
542		~~fprintf(stderr, "ERROR in malloc in addValue function\~~n");
	562	syslog(LOG_ERR, "ERROR in malloc in addValue function");
543	563	exit(1);
544	564	} else {
545	565	if (sscanf(val, "%s", value) == 0) {
546		~~fprintf(stderr, "Errors in Tests definition : wrong short value\n~~");
	566	syslog(LOG_ERR, "Errors in Tests definition : wrong short value");
547	567	exit(1);
548	568	}
…	…
562	582	tmp = (ValuesPtr) malloc(sizeof(struct Values));
563	583	if (tmp==NULL) {
564		~~fprintf(stderr, "ERROR in malloc in addValue function\~~n");
	584	syslog(LOG_ERR, "ERROR in malloc in addValue function");
565	585	exit(1);
566	586	} else {
567	587	if (sscanf(val, "%s", value) == 0) {
568		~~fprintf(stderr, "Errors in Tests definition : wrong char value\n~~");
	588	syslog(LOG_ERR, "Errors in Tests definition : wrong char value");
569	589	exit(1);
570	590	}

Download in other formats: